FreshTomato Wiki

User Tools

Site Tools

Trace: admin-jffs2 advanced-wlanvifs remote_upgrade_poc admin-log access_restrictions faq basic-static speedtest tools-qr wireless_filter
forward-dmz

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision		Previous revision
forward-dmz [2022/01/05 12:49] – created rs232forward-dmz [2024/11/27 01:48] (current) hogwild
Line 1: Line 1:
 ===== DMZ ===== ===== DMZ =====
  
-On a more sophisticated network, the DMZ (Demilitarized Zone) is a specific area of the network where services are provided in a secure way. However, in FreshTomato, DMZ has a more simple effect. When enabled, all unknown ports on FreshTomato's WAN are forwarded to the defined DMZ host IP, instead of each being dealt with individually. Consider DMZ a "lazy" and potentially dangerous approach to port forwarding, due to the large security hole it opens.+On a sophisticated network, the DMZ (Demilitarized Zone) is a specific area of the network where services are provided in a secure way. However, in FreshTomato, DMZ has a simpler effect. When enabled, all unknown ports on FreshTomato's WAN are forwarded to the defined DMZ host IP address, instead of each being dealt with individually.
  
-**Enable DMZ**: This turns the DMZ function on or off.+Since it opens a large security hole, consider DMZ a "lazy" and potentially dangerous approach to port forwarding. You are advised to use other port forwarding methods before resorting to DMZ.\\   \\ **Enable DMZ**: turns on or off the DMZ function.
  
-**Destination Address**: This is the LAN IP address of the device meant to receive all these forwarded ports.+ \\
  
-**Destination Interface**: This is the VLAN/bridge where the above host resides.+**Destination Address**: the LAN IP address of the device to receive all these forwarded ports.
  
-**Source Address Restriction**: If specified, this will limit DMZ activity to the defined source IP address range. The Default is empty, which means ports from any IP or range will be forwarded.+ \\
  
-**Leave Remote Access**If enabled, will force SSH (TCP port 22) and HTTP (TCP port 443) traffic to always be answered by the FreshTomato router, regardless of DMZ settings.+[[https://wiki.freshtomato.org/lib/exe/detail.php?id=dmz&media=c3eb8300c295e4230ec42a93d23e3aeb.png|{{:c3eb8300c295e4230ec42a93d23e3aeb.png?621}}]]
  
-[[https://wiki.freshtomato.org/lib/exe/detail.php?id=dmz&media=c3eb8300c295e4230ec42a93d23e3aeb.png|{{:c3eb8300c295e4230ec42a93d23e3aeb.png}}]]+ \\ 
 + 
 +**Destination Interface**this is the VLAN/bridge where the above host can be found. 
 + 
 + \\ 
 + 
 +**Source Address Restriction**: if entered, limits DMZ activity to the defined source IP address range. 
 + 
 +The Default is empty, which means ports from any address/range will be forwarded. 
 + 
 + \\ 
 + 
 +**Leave Remote Access**: if enabled, forces FreshTomato to always answer SSH (TCP/22) and HTTP (TCP/443) traffic, regardless of DMZ settings. 
 + 
 +\\  \\  \\
  
  
forward-dmz.1641386991.txt.gz · Last modified: by rs232

Page Tools

Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki